General

  • Target

    675c064aa83d1aa801143cdbf65cd503_JaffaCakes118

  • Size

    68KB

  • Sample

    240522-qdnj3sce8z

  • MD5

    675c064aa83d1aa801143cdbf65cd503

  • SHA1

    198308c95173d6b940ef17e353063d363f5acecf

  • SHA256

    b2dceeb815142be5d5b0ee068f13e95bc62c1759babd5b0ecce66d43c714aaf7

  • SHA512

    ad6006e9be5db75382bc503e749d6e445f6ad22987d7200cdd3e6adc2b59b2bd20f2dc4ccdee0763848ff4a4731aa1c836c42382d44af41c3aaf7f276338af06

  • SSDEEP

    768:1pJcaUitGAlmrJpmxlzC+w99NBr+1RS20hT57jQqs9l:1ptJlmrJpmxlRw99NBr+rSbhls9

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://vanieospjo.com/DAB/nerimf.php?l=kamax6.pas

Targets

    • Target

      675c064aa83d1aa801143cdbf65cd503_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
